Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

plugin/kubernetes: Wildcard SRV records for endpoints peculiarity #2029

Closed
chrisohaver opened this issue Aug 10, 2018 · 5 comments
Closed

plugin/kubernetes: Wildcard SRV records for endpoints peculiarity #2029

chrisohaver opened this issue Aug 10, 2018 · 5 comments
Labels
bug plugin/kubernetes question

Comments

@chrisohaver
Copy link
Member

chrisohaver commented Aug 10, 2018
edited

When myservice is a non-headless service, the following SRV query to all it's endpoints works:

dig -t SRV *.myservice.default.svc.cluster.local.

It returns a list of SRV records for all endpoints in the service. e.g.

;; ANSWER SECTION:
*.myservice.default.cluster.local.     5 IN SRV	0 50 443 172-17-0-253.myservice.default.cluster.local.
*.myservice.default.svc.cluster.local. 5 IN SRV	0 50 80  172-17-0-253.myservice.default.cluster.local.

;; ADDITIONAL SECTION:
172-17-0-253.myservice.default.cluster.local 5 IN A 172.17.0.253

But all the following return NXDOMAIN:

dig -t SRV *.*.*.myservice.default.svc.cluster.local.
(which you'd expect the same result as above)

dig -t SRV _http._tcp.*.myservice.default.svc.cluster.local.
(specifying the port and protocol fields)

dig -t SRV _http._tcp.172-17-0-253.myservice.default.svc.cluster.local.
(with no wildcards used)

Wild card queries are not part of the k8s dns spec, and neither are SRV queries for endpoints (only headless and non-headless services are defined). So hard to say if this is a bug or not. But the current behavior is certainly inconsistent with itself.
@chrisohaver
Copy link
Member Author

IMO, we should allow the 3 NXDOMAIN examples above to work.
The first returning the two results for http and https, the other two returning just a single record for http.

@miekg
Copy link
Member

miekg commented Aug 10, 2018 via email

@chrisohaver
Copy link
Member Author

Why? this has more labels than k8s supports.

K8s actually does support this many labels. It's an SRV record, so the first two are service and protocol (e.g. "_http" and "_tcp"). And its an SRV record for an endpoint, so the next label is an endpoint name, then the service, namespace, type, and cluster domain.

What is the inconsistency?

The inconsistency is that we allow SRV requests of endpoint in one form, but not others.

@junoteam
Copy link

junoteam commented Aug 29, 2018
edited

hello,

regarding to SRV query record like that:
dig -t SRV _http._tcp.nginx.default.svc.cluster.local.

coredns doesn't create this kind of SRV record [in some reason], but Haproxy and nginx build SRV query exactly like this. Example: https://www.haproxy.com/blog/dns-service-discovery-haproxy

In docs of coredns I see that it should create this type of SRV, but it simply doesn't.
Proof: https://coredns.io/plugins/kubernetes

Instead of this coredns create SRV records like this:
_80-80._tcp.nginx.default.svc.cluster.local

So I'm unable to use Haproxy or Nginx for dns load balancing.
Do you know how to fix it?

@johnbelamaric
Copy link
Member

You need to name the port in your service spec:

  ports:
  - port: 80
    name: http

@miekg miekg added the works as intended Not a bug or issue label Oct 18, 2018
@miekg miekg closed this as completed Oct 18, 2018
@chrisohaver chrisohaver reopened this Oct 18, 2018
@chrisohaver chrisohaver removed the works as intended Not a bug or issue label Oct 29, 2018
@miekg miekg closed this as completed Feb 7, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug plugin/kubernetes question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@miekg @junoteam @johnbelamaric @chrisohaver